Traefik 2.0 hit GA in September 2019, releasing a host of new features including TCP support with SNI routing, middlewares, canary/traffic mirroring, and IngressRoute Kubernetes CRD. While the team at Containous (the creators of Traefik) did a great job laying out the migration steps from v1 to v2, there’s not a ton of user guides for Kubernetes currently. Besides the “Traefik & CRD & Let’s Encrypt” user guide on the documentation website (which uses k3s docker image), I found myself referencing more extensive Docker tutorials around the web to apply to my Kubernetes cluster. So here is a quick 5-minute end-to-end setup of Traefik, Let’s Encrypt, and Cloudflare to handle HTTPS requests on Kubernetes.

Before we begin, if you need a refresher on Kubernetes Ingress Controllers, IngressRoute CRD, or a comparison of Traefik and other popular Ingress Controllers, please check out:


To follow this tutorial, you will need a working Kubernetes cluster (e.g. minikube, GKE, EKS, AKS, or k3s) with Helm 3.x installed.

Add Traefik’s chart repository to Helm:

helm repo add traefik

If you are new to Traefik, here’s an overview of basic concepts:

  • EntryPoints: listen to incoming traffic
  • Routers: analyze incoming requests and connect to services
  • Middleware: modify/update the request (e.g. rate-limiting, HTTPS redirect)
  • Services: forwards request to corresponding servers/load balancers/applications

#traefik #cloudflare #lets-encrypt #kubernetes #tutorial

Quickstart with Traefik v2 on Kubernetes
32.10 GEEK